From 451fe0494cd042427fb1f692800b46f251235f5f Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Thu, 22 Oct 2020 06:12:23 +0000 Subject: [PATCH] import libxml2-2.9.7-9.el8 --- SOURCES/libxml2-2.9.7-CVE-2020-24977.patch | 36 ++++++++++++++++++++++ SPECS/libxml2.spec | 7 ++++- 2 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 SOURCES/libxml2-2.9.7-CVE-2020-24977.patch diff --git a/SOURCES/libxml2-2.9.7-CVE-2020-24977.patch b/SOURCES/libxml2-2.9.7-CVE-2020-24977.patch new file mode 100644 index 0000000..fe4b398 --- /dev/null +++ b/SOURCES/libxml2-2.9.7-CVE-2020-24977.patch @@ -0,0 +1,36 @@ +From 50f06b3efb638efb0abd95dc62dca05ae67882c2 Mon Sep 17 00:00:00 2001 +From: Nick Wellnhofer +Date: Fri, 7 Aug 2020 21:54:27 +0200 +Subject: [PATCH] Fix out-of-bounds read with 'xmllint --htmlout' + +Make sure that truncated UTF-8 sequences don't cause an out-of-bounds +array access. + +Thanks to @SuhwanSong and the Agency for Defense Development (ADD) for +the report. + +Fixes #178. +--- + xmllint.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/xmllint.c b/xmllint.c +index f6a8e4636..c647486f3 100644 +--- a/xmllint.c ++++ b/xmllint.c +@@ -528,6 +528,12 @@ static void + xmlHTMLEncodeSend(void) { + char *result; + ++ /* ++ * xmlEncodeEntitiesReentrant assumes valid UTF-8, but the buffer might ++ * end with a truncated UTF-8 sequence. This is a hack to at least avoid ++ * an out-of-bounds read. ++ */ ++ memset(&buffer[sizeof(buffer)-4], 0, 4); + result = (char *) xmlEncodeEntitiesReentrant(NULL, BAD_CAST buffer); + if (result) { + xmlGenericError(xmlGenericErrorContext, "%s", result); +-- +GitLab + diff --git a/SPECS/libxml2.spec b/SPECS/libxml2.spec index e393c24..164a752 100644 --- a/SPECS/libxml2.spec +++ b/SPECS/libxml2.spec @@ -7,7 +7,7 @@ Name: libxml2 Version: 2.9.7 -Release: 8%{?dist} +Release: 9%{?dist} Summary: Library providing XML and HTML support License: MIT @@ -34,6 +34,8 @@ Patch7: libxml2-CVE-2019-19956.patch Patch8: libxml2-2.9.7-CVE-2020-7595.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1810058 Patch9: libxml2-2.9.7-CVE-2019-20388.patch +# https://bugzilla.redhat.com/show_bug.cgi?id=1878252 +Patch10: libxml2-2.9.7-CVE-2020-24977.patch BuildRequires: gcc BuildRequires: cmake-rpm-macros @@ -205,6 +207,9 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz %{python3_sitearch}/libxml2mod.so %changelog +* Mon Oct 19 2020 David King - 2.9.7-9 +- Fix CVE-2020-24977 (#1878252) + * Mon Jan 20 2020 David King - 2.9.7-8 - Fix CVE-2019-19956 (#1793001) - Fix CVE-2020-7595 (#1799786)